aah Subject

Without question, the most important concept in aah is the Subject. Subject is just a security term that means a security-specific view of an application user. An aah Subject instance represents both the security state and the security operations for a single application user.

These operations include:

Authorization (access control)

Session access

Logout

aah originally wanted to call it User since that “just makes sense”, but decided against it: too many applications have existing APIs that already have their own User struct, and aah didn’t want to conflict with those. Also, in the security world, the term Subject is actually the recognized nomenclature.

The aah API encourages a Subject-centric programming paradigm for applications. When coding application logic, most application developers want to know who the currently executing user is. While the application can usually look up any user via its own mechanisms (UserService, etc.), when it comes to security, the most important question is “Who is the current user?”

Application code based on only the current user/Subject is much more natural and intuitive.

The Current Subject

You can obtain the currently executing Subject by using

ctx.Subject()

After you acquire the current Subject, what can you do with it?

You can access Session

If you want to make things available to the user during their current session with the application, you can get their session:
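The following is an added, self-contained model of the Subject idea described above; it is not code from aah or its security package. It shows the three operations the page lists (authorization via role checks, session access, and logout) and a handler that retrieves the current Subject from the request context the way `ctx.Subject()` does. The types `Subject`, `Session`, the `WithSubject`/`SubjectFrom` helpers and the `ViewOrders` handler are all hypothetical stand-ins written for this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

var (
	ErrUnauthenticated = errors.New("subject is not authenticated")
	ErrForbidden       = errors.New("subject lacks the required role")
)

// Session is a minimal per-user key/value store. It is a hypothetical
// stand-in for a framework session, not aah's session package.
type Session struct {
	values map[string]interface{}
}

func newSession() *Session { return &Session{values: map[string]interface{}{}} }

// Set makes a value available for the rest of the user's session.
func (s *Session) Set(key string, v interface{}) { s.values[key] = v }

// Get returns a value stored earlier in the session.
func (s *Session) Get(key string) (interface{}, bool) {
	v, ok := s.values[key]
	return v, ok
}

// Subject is the security-specific view of a single application user: who
// they are, whether they proved it, what they may do, and their session.
// Hypothetical model of the concept; not aah's security.Subject.
type Subject struct {
	principal     string
	authenticated bool
	roles         map[string]bool
	Session       *Session
}

// NewSubject builds an authenticated Subject holding the given roles.
func NewSubject(principal string, roles []string) *Subject {
	s := &Subject{principal: principal, authenticated: true, roles: map[string]bool{}, Session: newSession()}
	for _, r := range roles {
		s.roles[r] = true
	}
	return s
}

// Anonymous is the Subject handed to requests that carry no identity.
func Anonymous() *Subject {
	return &Subject{roles: map[string]bool{}, Session: newSession()}
}

func (s *Subject) Principal() string        { return s.principal }
func (s *Subject) IsAuthenticated() bool    { return s.authenticated }
func (s *Subject) HasRole(role string) bool { return s.roles[role] }

// Logout drops identity, roles and session state so the Subject is anonymous again.
func (s *Subject) Logout() {
	s.principal = ""
	s.authenticated = false
	s.roles = map[string]bool{}
	s.Session = newSession()
}

type subjectKey struct{}

// WithSubject attaches a Subject to the request context, as a framework
// would after authenticating the request.
func WithSubject(ctx context.Context, s *Subject) context.Context {
	return context.WithValue(ctx, subjectKey{}, s)
}

// SubjectFrom plays the role of ctx.Subject(): it returns the current Subject,
// or an anonymous one when the request has no identity, so callers never get nil.
func SubjectFrom(ctx context.Context) *Subject {
	if s, ok := ctx.Value(subjectKey{}).(*Subject); ok {
		return s
	}
	return Anonymous()
}

// ViewOrders is a handler written Subject-centrically: it asks "who is the
// current user?" and decides everything from that single view.
func ViewOrders(ctx context.Context) (string, error) {
	sub := SubjectFrom(ctx)
	if !sub.IsAuthenticated() {
		return "", ErrUnauthenticated
	}
	if !sub.HasRole("customer") {
		return "", ErrForbidden
	}
	sub.Session.Set("last_page", "orders") // session access
	return "orders for " + sub.Principal(), nil
}

func main() {
	ctx := WithSubject(context.Background(), NewSubject("alice", []string{"customer"}))
	out, err := ViewOrders(ctx)
	fmt.Println(out, err)
	SubjectFrom(ctx).Logout()
	_, err = ViewOrders(ctx)
	fmt.Println(err)
}
```

The point of `SubjectFrom` returning an anonymous Subject rather than nil is that handlers can always call `IsAuthenticated()` and `HasRole()` without a nil check, so an unauthenticated request fails closed instead of panicking or being accidentally waved through.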